bun icon indicating copy to clipboard operation
bun copied to clipboard

Published 20 hours ago verified publisher icon oven-sh

Support git dependencies

Open Jarred-Sumner opened this issue 3 years ago • 8 comments

Jarred-Sumner avatar Dec 20 '21 07:12 Jarred-Sumner

Hi Jarred,

I am enjoying bun! And waiting for this feature to land :-)

Just want to add some details here, if it helps.

Git dependencies can be either public repo or private repo. The private one is quite important for enterprise adoption, obviously there is some work on handling authentication.

If git dep is from one of github/gitlab/bitbucket, npm also supports shortcut (such as username/reponame#branch) as well as full git/https url. npm uses hosted-git-info to handle both shortcut and full url.

The public repo from github/gitlab/bitbucket also provides tarball url (hosted-git-info has it), that's cheaper than a shallow clone of git repo.

When npm install dep from any kind of git repo, there is a possible prepare script to be run. Yarn and pnpm all missed this one at beginning (probably due to lack of documentation from npm site). (Yarn v1 refused to fix this issue because it only maintains v2 now)

https://docs.npmjs.com/cli/v8/commands/npm-install

If the package being installed contains a prepare script, its dependencies and devDependencies will be installed, and the prepare script will be run, before the package is packaged and installed. ... As with regular git dependencies, dependencies and devDependencies will be installed if the package has a prepare script before the package is done installing.

3cp avatar Jul 14 '22 11:07 3cp

It's been a while and all other issues pointing to this one. Is the actual solution to fix this problem with git dependencies? I love using bun however I have to use npm since I couldn't update my project's packages due to this git dependency error.

dyanechi avatar Sep 16 '22 05:09 dyanechi

I am superhyped about Bun and wish there was at least a workaround to the problem.

I've tried mix and match npm with bun install to get around it, but I think Bun does not recognize deps installed until it's added to the bun.lockb file, which I am not sure how to edit since it's binary. The hypothesis was that I could add entries of git deps as if they're resolved.

Anyway, would appreciate any pointers to solve it until feature support lands.

dzmitry-kankalovich avatar Sep 21 '22 09:09 dzmitry-kankalovich

@dzmitry-kankalovich you could publish private packages to a private registry. It's more flexible than git dep.

https://verdaccio.org https://www.sonatype.com/products/nexus-repository https://github.com/features/packages https://learn.microsoft.com/en-us/azure/devops/artifacts/start-using-azure-artifacts?view=azure-devops

3cp avatar Sep 21 '22 09:09 3cp

@dzmitry-kankalovich you could publish private packages to a private registry. It's more flexible than git dep.

@3cp I've considered that, but in my case the failure happens in transitive dependencies of opensea-js, which prob means for me putting the entire dep graph there. Sounds like it could be a workaround, but still a lot of hassle of setting up that private repo, packaging deps and pushing them there and etc.

But I guess it is indeed an applicable workaround.

dzmitry-kankalovich avatar Sep 21 '22 09:09 dzmitry-kankalovich

@dzmitry-kankalovich

I've tried mix and match npm with bun install to get around it, but I think Bun does not recognize deps installed until it's added to the bun.lockb file, which I am not sure how to edit since it's binary. The hypothesis was that I could add entries of git deps as if they're resolved.

yarn install seems to work for me, installs external git packages and then they are properly loaded by bun

@3cp while publishing to a private repo is more flexible it's overkill for some simpler use cases like a short-lived fork of a package with just some fixes waiting to be merged upstream

knoopx avatar Sep 21 '22 10:09 knoopx

@knoopx do subsequent bun install invocations work? Because it doesn't in my case, again likely because there is no record of dependency in bun's lockfile (which is different from package-lock.json)

I suspect that you can first do bun install to provision bun-specific dependencies, and then use npm or yarn to manage dependencies for the rest of the project lifecycle (or until bun will support git packages). But bun install would be off the table.

Also, that would mean the trouble of building a project from scratch (e.g. packaging in Docker). Prob bun-related node_modules would need to be committed/copied to the container.

dzmitry-kankalovich avatar Sep 21 '22 10:09 dzmitry-kankalovich

@knoopx do subsequent bun install invocations work? Because it doesn't in my case, again likely because there is no record of dependency in bun's lockfile (which is different from package-lock.json)

no it doesnt, i just dont bun install. I exclusively use yarn for dependency management, at least until bun install improves further.

knoopx avatar Sep 21 '22 11:09 knoopx